To Developers: If you worked on original Xbox games, and still have *legal* access to the code, please consider sending us any .xlast or .xms files; these are metadata-only files that contain matchmaking information and can help us get your games back online faster. [1/2]

An interesting bug in the Move VM verifier, also takes the crown for highest impact vulnerability I found 😁

The Nickel configuration language hits 1.0! If you’re tired of copy-pasting tens of thousands of YAML lines, this is a language for you... tweag.io/blog/2023-05-1…

Want to get your feet wet with Nickel? On the occasion of the 1.0 release, @YannHamdaoui has a video tutorial: youtube.com/watch?v=DzuoYm….

For those who are interested, I uploaded the slides of the CustomProcessingUnit talk at pietroborrello.com/talk/custom-pr… 👀 And the whole microcode framework is open-source at github.com/pietroborrello…

I'm so happy to share that I successfully defended my PhD! 🤩 In my thesis "Taming Complex Bugs in Secure Systems", I contributed to find and mitigate over a hundred vulnerabilities in software, operating systems and CPUs. You can find it here 👀 pietroborrello.com/uploads/Thesis… 1/N 🧵

Hello USENIX WOOT Conference on Offensive Technologies! I am here at IEEE S&P, and tomorrow I will present our work ROPfuscator: Robust Obfuscation with ROP. We will be live tomorrow at 9:15 AM and present at the afternoon demo session. Come say hi, and ping me for a chat! github.com/ropfuscator/ro…

First session! "Reflections on Trusting Docker: Invisible Malware in Continuous Integration Systems" "ROPfuscator: Robust Obfuscation with ROP" Giulio - [email protected] "GPThreats-3: Is Automatic Malware Generation a Threat?" Marcus Botacin "Emoji shellcoding in RISC-V" Georges-Axel Jaloyan

Session 2: 1st part! "The Ghost Is The Machine: Weird Machines in Transient Execution" "Cryo-Mechanical RAM Content Extraction Against Modern Embedded Systems" "CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode" Pietro Borrello, Cat Easdon

🎉🎉🎉 I am so happy to receive the best paper award, in one of my favorite academic venues, for one of my favorite works we have done in my PhD!! 🤩

So we tried really hard to stay out of any reasonable top-something at DEF CON CTF Quals, but everyone merged to spoil our plans. Stoked to be back! 🍝🚩 the finals afterparty definitely missed us last year

I’m looking for 2 PhD students working on #fuzzing in but not limited to parallel fuzzing (AFLTeam), directed fuzzing (next gen. of #aflgo), and expanding the reach of fuzzing to test diff. types of systems (having domain expertise is a big plus). DM is open & RTs are appreciated

Bitwarden just disclosed my H1 report: Bitwarden Desktop + Windows Hello used to store all your vault data as good as cleartext even with the vault locked and the application closed. The data was accessible to any program w/o needing privileges. [1/5] hackerone.com/reports/1874155

I'm very excited to announce that our paper "Confusum Contractum: Confused Deputy Vulnerabilities in Ethereum Smart Contracts" has been accepted at USENIX2023! 🥳 Stay tuned for more details! 👊🏼

Congratulations Dr. Thorsten Eisenhofer